LG-8985 Make "Pass" the default option for mock device profiling result#7892
Merged
LG-8985 Make "Pass" the default option for mock device profiling result#7892
Conversation
The mock device profiler simulates a tool that assesses device risk. This is specfically meant to simulate the way ThreatMetrix works in deployed envrionments in local development and sandbox environments. In deployed environments javascript is added to the page to assess device risk. This javascript phones home to ThreatMetrix. When the user is submitting their information we make a request on the backend to ThreatMetrix for the result. The ThreatMetrix javascript may be blocked by the client. In this case the backed result will contain a warning code with the value `smmry_unkwx_session`. The `review_status` field, which is ultimately what is used to determine whether the user is allowed to proof without further review, will have a value of `pass`, `review`, or `reject` depending on the configuration for this case. We simiulate this behavior by loading javascript that displays a dropdown that allows the user to select the result that will come from assessing their device. This value is saved and returned on a mocked backend request. To similuate the behavior when the Javascript is blocked we have a `No Result` option which results in the mocked result being null. At one point we assumed that when a user's client blocks the javascript the result from ThreatMetrix would be null. This, however, is not the case. ThreatMetrix can still make a determination about the session if the Javascript is blocked. Receiving a value of `null` from Threatmetrix is an invalid state and should be considered an error state. The "No Result" case, which should be an error state, is the default state in local dev and test environments. This means that people going through proofing fail by default for unclear reasons. This commit makes the default `Pass` so this no longer happens. changelog: Improvements, Device profiling, The mock device profiler default state was set to "Pass" so that in envrionments where the mock device profiler is enable the mock device profiler will not cause users to fail by default.
zachmargolis
approved these changes
Feb 27, 2023
Contributor
zachmargolis
left a comment
zachmargolis
left a comment
There was a problem hiding this comment.
LGTM, do we also want to make that the ruby default for the when there is no key in redis?
Contributor
|
Yeah, I agree this is a better default. Is it possible to end up with a nil Threatmetrix result on the proofing component if the Session Query API call times out or fails in some way (e.g. 5xx)? |
Contributor
Author
Right now we have 2 different ways of handling nil results. The review controller considers it a fail and the GPO controller considers it a pass. How we should handle them is kind of an open question. I'm going to through together a ticket to propose that a nil result be considered a pass. I think that is out of scope of this PR.
That is an interesting question. For the 500 case it does look like we return a nil result. We do that in a few other cases. That is something I'll propose tightening up in the story I mentioned in my response to Zach's question above. |
jmhooper
added a commit
that referenced
this pull request
Mar 6, 2023
…ling drop In #7892 we made "Pass" the default option for the simulated device profiling tooling. Unfortunately the javascript there does not submit anything unless the user actually selects a value from the dropdown. This made sense in the world where "No Result" was the default. With pass as the default it causes the user to fail downstream. This commit makes 'pass' the default value if 'nil' is submitted. Nil will still be used as the TMx review status value if "no_result" is submitted. changelog: Improvements, Mock Device Profiling, The mock device profiling backend was changed to accept nil as a valid value in the cases where a user does not make a selection from the mock device profiling simulation javascript on the SSN step in the proofing flow.
jmhooper
added a commit
that referenced
this pull request
Mar 6, 2023
…ling drop (#7934) In #7892 we made "Pass" the default option for the simulated device profiling tooling. Unfortunately the javascript there does not submit anything unless the user actually selects a value from the dropdown. This made sense in the world where "No Result" was the default. With pass as the default it causes the user to fail downstream. This commit makes 'pass' the default value if 'nil' is submitted. Nil will still be used as the TMx review status value if "no_result" is submitted. changelog: Improvements, Mock Device Profiling, The mock device profiling backend was changed to accept nil as a valid value in the cases where a user does not make a selection from the mock device profiling simulation javascript on the SSN step in the proofing flow.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The mock device profiler simulates a tool that assesses device risk. This is specifically meant to simulate the way ThreatMetrix works in deployed environments in local development and sandbox environments.
In deployed environments javascript is added to the page to assess device risk. This javascript phones home to ThreatMetrix. When the user is submitting their information we make a request on the backend to ThreatMetrix for the result.
The ThreatMetrix javascript may be blocked by the client. In this case the backed result will contain a warning code with the value
smmry_unkwx_session. Thereview_statusfield, which is ultimately what is used to determine whether the user is allowed to proof without further review, will have a value ofpass,review, orrejectdepending on the configuration for this case.We simulate this behavior by loading javascript that displays a dropdown that allows the user to select the result that will come from assessing their device. This value is saved and returned on a mocked backend request. To simulate the behavior when the Javascript is blocked we have a
No Resultoption which results in the mocked result being null.At one point we assumed that when a user's client blocks the javascript the result from ThreatMetrix would be null. This, however, is not the case. ThreatMetrix can still make a determination about the session if the Javascript is blocked. Receiving a value of
nullfrom Threatmetrix is an invalid state and should be considered an error state.The "No Result" case, which should be an error state, is the default state in local dev and test environments. This means that people going through proofing fail by default for unclear reasons. This commit makes the default
Passso this no longer happens.